Doctors say information on 'Web patients' sold to advertisers

Yesterday, a group of physicians warned “web patients” that personal,
medical information given to health websites is being sold to advertisers.

The alert, issued by the
Association of American Physicians and
Surgeons, is to be distributed to patients through doctors’ offices and cautions patients about lax security and intentional sale of personal and medical information by many of the most popular health websites.

In January, CHCF analyzed 21 of the most visited health-related websites, including
WebMD.com,
MayoHealth.org,
DrKoop.com and other general and disease-specific sites. Researchers first evaluated sites’ privacy policies in the context of a set of “fair information practice principles” — which are listed in the report — and by going online as “typical consumers.”

“The report concludes that anonymity is a myth, and that many websites are willing participants in furnishing and selling information to third parties,” AAPS officials said in a statement.

Estimates indicate at least 17,000 different health-care sites exist on the Internet serving some 24.8 million American adults, with the number of users projected to increase to 30 million this year.

Physicians fear consumers are unaware of the lack of confidentiality, and AAPS is alarmed at the widespread tracking and sale of personal medical information.

“This industry is cashing in on trafficking in people’s personal medical records,” said Jane M. Orient, M.D., executive director of AAPS. “They’ll do everything they can to pry, cajole or coax information from consumers to make money for their stockholders.”

“They post sham privacy policies that aren’t worth the electricity they take to display,” she added.

Web privacy violations detailed in the report include: the sale of online profiles to ad networks such as
DoubleClick, the release of information to unauthorized third-party contractors to perform health assessments and the fluctuating nature of privacy policies that can change at any time without patient notification.

“That innocent ‘Wellness Test’ could mean the end of your privacy,” noted Orient, referring to common evaluations used on health websites.

Conducted by Janlori Goldman and Zoe Hudson of Georgetown University, the report acknowledges the vast number of privacy policies written by health websites, but concludes the policies are not sufficient.

“On the whole, it appears that while Web sites are generally more attentive to the need for privacy policies — as evidenced by the growing number of sites with privacy policies — these policies still fall far short of a comprehensive privacy scheme.”

“Given the degree of change and volatility in the Internet in general and in health care on the Internet in particular, we expect (and in fact hope) that some of the policies will change,” it continues.

National privacy expert, Robert Gellman, warns that conventional privacy protections between doctors and patient are threatened.

“If a patient discloses information to a website, then the privilege may be lost. Giving information to health websites may be fatal to your physician-patient privilege,” said Gellman

Recommendations to patients from Gellman include avoiding sites that carry ads from DoubleClick, that ask for names or other identifying information, or state that their privacy policy is subject to change at any time.

“These are red flags that you should leave immediately,” Orient said.

“[Patients] think it’s free, but what they may be paying with is their privacy,” she told WorldNetDaily. “Patients beware.”